Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/f4e4o0_xM7E9GzzcJXmMyO-68BA.roa
File:                     f4e4o0_xM7E9GzzcJXmMyO-68BA.roa (raw, json)
Hash identifier:          Q+p/Q4RNaTGG8IqpbAj6UXeNzDZ31WAhnZKVUl8mjzU=
Subject key identifier:   7F:87:B8:A3:4F:F1:33:B1:3D:1B:3C:DC:25:79:8C:C8:EF:BA:F0:10
Certificate issuer:       /CN=cd5e39658a3ef6f13ca21cc11a4e33ebcd946702
Certificate serial:       019F179686B1612C1F027CC4A5EE1DCC372D
Authority key identifier: CD:5E:39:65:8A:3E:F6:F1:3C:A2:1C:C1:1A:4E:33:EB:CD:94:67:02
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zV45ZYo-9vE8ohzBGk4z682UZwI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/f4e4o0_xM7E9GzzcJXmMyO-68BA.roa
Signing time:             Tue 30 Jun 2026 08:12:48 +0000
ROA not before:           Tue 30 Jun 2026 08:12:48 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     199242
IP address blocks:        85.133.219.0/24 maxlen: 24
                          85.133.237.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/zV45ZYo-9vE8ohzBGk4z682UZwI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/zV45ZYo-9vE8ohzBGk4z682UZwI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zV45ZYo-9vE8ohzBGk4z682UZwI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 01 Jul 2026 20:30:43 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9f:17:96:86:b1:61:2c:1f:02:7c:c4:a5:ee:1d:cc:37:2d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cd5e39658a3ef6f13ca21cc11a4e33ebcd946702
        Validity
            Not Before: Jun 30 08:12:48 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=7f87b8a34ff133b13d1b3cdc25798cc8efbaf010
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:53:4c:db:e9:fb:b9:61:13:1b:03:69:50:42:
                    9a:cd:62:e3:02:aa:84:3a:a4:b2:99:d3:45:47:a0:
                    f7:b7:b0:69:66:d0:27:61:46:0a:8c:45:3c:87:14:
                    51:cd:e8:6f:ef:6a:45:00:91:8d:3b:a0:91:f7:db:
                    4a:e0:82:6e:e5:f4:06:42:f6:4e:3e:4e:49:e0:96:
                    01:da:c4:49:f3:87:ac:41:a3:35:05:69:d6:58:c2:
                    79:61:76:c5:18:ff:ed:eb:64:a3:5d:30:a7:77:ca:
                    c6:ba:b6:e4:53:4a:d7:9f:e9:73:c2:4f:35:8f:0f:
                    d4:0c:4e:d7:e6:a1:8b:24:37:5f:c9:f3:51:96:1d:
                    32:09:7a:b1:12:04:42:c1:78:50:4b:5d:07:af:db:
                    08:0b:2d:b9:1f:e3:98:03:dc:0b:4d:bb:ef:ab:34:
                    bd:20:0f:ac:d6:cb:01:d6:b4:8b:3a:6d:6d:7d:d1:
                    32:95:7f:37:d3:bf:bc:78:f9:5c:5b:af:de:d9:a1:
                    e9:7c:2e:ee:bf:34:db:94:c5:b4:d3:1c:68:9c:f1:
                    c4:30:ca:c8:7a:81:da:e0:39:65:bd:88:bf:a0:0c:
                    d7:bf:cb:0d:f0:58:2d:9c:46:5b:7a:5f:4e:f0:2d:
                    30:06:4b:89:98:f2:aa:4d:4e:29:db:b0:5b:25:73:
                    4d:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7F:87:B8:A3:4F:F1:33:B1:3D:1B:3C:DC:25:79:8C:C8:EF:BA:F0:10
            X509v3 Authority Key Identifier:
                keyid:CD:5E:39:65:8A:3E:F6:F1:3C:A2:1C:C1:1A:4E:33:EB:CD:94:67:02

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zV45ZYo-9vE8ohzBGk4z682UZwI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/f4e4o0_xM7E9GzzcJXmMyO-68BA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/zV45ZYo-9vE8ohzBGk4z682UZwI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.133.219.0/24
                  85.133.237.0/24

    Signature Algorithm: sha256WithRSAEncryption
         93:4c:80:5f:01:98:f1:9a:8b:5e:1d:f6:e9:30:71:70:7f:65:
         82:6e:5b:1c:e9:72:d7:36:e0:8d:bd:fb:df:92:db:ff:0d:36:
         17:b8:a6:88:aa:80:d2:92:22:3d:aa:b8:fd:aa:f9:1a:c2:be:
         c8:d3:d4:73:a9:57:9b:33:53:96:f7:59:bc:7f:5a:2d:aa:17:
         ab:ba:fc:08:f0:17:22:a4:46:dc:3d:86:59:f4:df:ed:2a:1d:
         6d:1e:fa:fe:4e:cb:cd:d7:60:79:f7:64:1f:8f:13:80:2b:75:
         35:a0:d7:50:90:22:30:ee:9c:25:8f:6c:6a:5e:91:df:4d:0d:
         f2:1e:af:e5:71:a7:ad:d0:b7:e2:81:a8:9d:09:26:ad:0c:a5:
         fe:93:f7:80:44:68:df:16:7a:05:54:a5:eb:fa:c4:a7:0f:f2:
         6e:fc:c6:43:ad:ab:71:9a:85:23:73:a1:84:e9:db:26:8f:81:
         0f:5f:54:c6:f8:40:e6:a8:cf:fc:e5:85:dd:d2:ec:70:eb:f5:
         27:0b:88:5c:ae:db:ff:ef:13:a3:94:34:87:1a:86:f6:40:46:
         8f:c5:f0:a1:94:8c:d1:01:39:a2:a3:b1:a5:25:71:43:f7:49:
         dc:73:47:18:34:8e:0c:f1:45:24:0c:31:33:9c:12:01:6e:1c:
         6a:ef:ee:aa
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ8XloaxYSwfAnzEpe4dzDctMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkNWUzOTY1OGEzZWY2ZjEzY2EyMWNjMTFhNGUzM2ViY2Q5
NDY3MDIwHhcNMjYwNjMwMDgxMjQ4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3Zjg3YjhhMzRmZjEzM2IxM2QxYjNjZGMyNTc5OGNjOGVmYmFmMDEwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnFNM2+n7uWETGwNpUEKazWLjAqqE
OqSymdNFR6D3t7BpZtAnYUYKjEU8hxRRzehv72pFAJGNO6CR99tK4IJu5fQGQvZO
Pk5J4JYB2sRJ84esQaM1BWnWWMJ5YXbFGP/t62SjXTCnd8rGurbkU0rXn+lzwk81
jw/UDE7X5qGLJDdfyfNRlh0yCXqxEgRCwXhQS10Hr9sICy25H+OYA9wLTbvvqzS9
IA+s1ssB1rSLOm1tfdEylX8307+8ePlcW6/e2aHpfC7uvzTblMW00xxonPHEMMrI
eoHa4DllvYi/oAzXv8sN8FgtnEZbel9O8C0wBkuJmPKqTU4p27BbJXNNpwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFH+HuKNP8TOxPRs83CV5jMjvuvAQMB8GA1UdIwQY
MBaAFM1eOWWKPvbxPKIcwRpOM+vNlGcCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvelY0NVpZby05dkU4b2h6QkdrNHo2ODJVWndJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMC9lZjUzNmMtMDNkMy00YWM1LWIxMjUt
NWQxZmE2NmMzNjNiLzEvZjRlNG8wX3hNN0U5R3p6Y0pYbU15Ty02OEJBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMC9lZjUzNmMtMDNkMy00YWM1LWIxMjUtNWQxZmE2NmMzNjNi
LzEvelY0NVpZby05dkU4b2h6QkdrNHo2ODJVWndJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAVYXbAwQA
VYXtMA0GCSqGSIb3DQEBCwUAA4IBAQCTTIBfAZjxmoteHfbpMHFwf2WCblsc6XLX
NuCNvfvfktv/DTYXuKaIqoDSkiI9qrj9qvkawr7I09RzqVebM1OW91m8f1otqher
uvwI8BcipEbcPYZZ9N/tKh1tHvr+TsvN12B592QfjxOAK3U1oNdQkCIw7pwlj2xq
XpHfTQ3yHq/lcaet0LfigaidCSatDKX+k/eARGjfFnoFVKXr+sSnD/Ju/MZDratx
moUjc6GE6dsmj4EPX1TG+EDmqM/85YXd0uxw6/UnC4hcrtv/7xOjlDSHGob2QEaP
xfChlIzRATmio7GlJXFD90ncc0cYNI4M8UUkDDEznBIBbhxq7+6q
-----END CERTIFICATE-----
Generated at Wed Jul 1 02:33:39 2026 by rpki-client